Express Computer
Home  »  News  »  Cyberattackers achieve their greatest successes by exploiting known and unpatched vulnerabilities, according to Tenable

Cyberattackers achieve their greatest successes by exploiting known and unpatched vulnerabilities, according to Tenable

0 37

An abundance of successful cyberattacks in the final quarter of 2023 resulted from threat actors leveraging known and exploitable vulnerabilities, according to Tenable, the Exposure Management Company. Telemetry data from Tenable’s Research Team found that 54% of devices affected by ‘CitrixBleed’ (aka CVE-2023-4966, the top vulnerability of Q4 2023) had not been remediated as of January 2024, more than three months after a patch was first announced.

Similarly, a pair of Cisco flaws that were part of an attack chain to exploit Cisco devices running their Internetworking Operating System (IOS) and IOS XE operating systems (CVE-2023-20198 and CVE-2023-20273) had only been remediated in 39% of devices.

While zero-days and AI-powered threats grab headlines, the known and unpatched vulnerabilities are most frequently exploited, especially when coupled with opportunistic actions by malicious actors, allowing ransomware to persist.

“Threat actors continue to find success with known and exploitable vulnerabilities that organisations have failed to patch or remediate successfully. These long-known vulnerabilities frequently cause more destruction than emerging threats,” said Satnam Narang, senior staff research engineer, at Tenable.

Despite the public disclosure of the Atlassian Confluence bug (CVE-2023-22518) in November 2023 and subsequent warnings about its exploitation for spreading the C3RB3R Ransomware, 43% of assets remained vulnerable as of January 23, 2024. On December 20, 2023, there was a spike in IP addresses attempting to exploit several Atlassian flaws including CVE-2023-22515 and CVE-2023-22518. Despite these attempts, nearly half the assets remain vulnerable.

“The key to keeping attackers at bay is organisations understanding the tactics, techniques and procedures employed. By digesting existing knowledge of common breach scenarios and implementing preventive measures, organisations can mitigate such risks. Organisations should focus on identifying and rectifying vulnerabilities promptly and addressing common misconfigurations to bolster cyber hygiene,” said Narang.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image